Probleme mit Let's Encrypt und Subdomains

T

thomas10

Member
Hallo Ihr Lieben,
wieder einmal habe ich Probleme mit Let's Encrypt und einer Subdomain. Die DNS-Einträge sind richtig. Wenn ich certbot-auto renew aufrufe, erhalte ich folgende Fehler:

Code: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mustermann.subdomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mustermann.subdomain.de
http-01 challenge for www.mustermann.subdomain.de
Waiting for verification...
Challenge failed for domain www.mustermann.subdomain.de
Challenge failed for domain mustermann.subdomain.de
http-01 challenge for www.mustermann.subdomain.de
http-01 challenge for mustermann.subdomain.de
Cleaning up challenges
Attempting to renew cert (mustermann.subdomain.de) from /etc/letsencry

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mustermann.subdomain.de/fullchain.pem (failure                                                                                                                                                             )
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: mustermann.subdomain.de
   Type:   unauthorized
   Detail: Invalid response from
   https://mustermann.subdomain.de/.well-known/acme-challenge/FJI_JZBk                                                                                                                                                             PokJeGJI9mL0_6ong7AncPyfMfNq1iFhvHE
   [37.221.192.201]: "\n\n\n\t<!DOCTYPE html>\n\t<html
   xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\"
   lang=\"de\">\n\t\t\n\t\t\t<head>\n\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t<!--\n\t\                                                                                                                                                             t\t\n\t\t\t\t"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
- The following errors were reported by the server:

   Domain: www.mustermann.subdomain.de
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   www.mustermann.subdomain.de - check that a DNS record
   exists for this domain

bei certbot-auto certonly funktioniert es allerdings:


Code: 
root@server:~# certbot-auto certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
3: Spin up a temporary webserver (standalone)
4: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mustermann.subdomain.de
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mustermann.subdomain.de-0001.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mustermann.subdomain.de
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mustermann.subdomain.de-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mustermann.subdomain.de-0001/privkey.pem
   Your cert will expire on 2020-08-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Was läuft das falsch? Das Problem ist mir erst nach dem Update auf Debian Buster aufgefallen. Ich hoffe, Ihr könnt mir helfen.

Liebe Grüße
Thomas
 
Zuletzt bearbeitet:
Du musst dich einloggen oder registrieren, um hier zu antworten.

Werbung

Top